Microsoft has released the GA version of the Azure Information Protection client, which reads information about Office 365 sensitivity labels and policies from the Security and Compliance Center. It’s one more step along the path to making it easy for Office 365 tenants to protect their data. Work still has to be done, but at least we can see light at the end of the encryption tunnel.
Microsoft released an update for the unified labeling version of the Azure Information Protection client needed for Office 365 sensitivity labels, which now boast auto-label support. Solid progress is being made to move sensitivity labels to the point where they are considered to be generally available, probably later this year. In the meantime, pay attention to the premium features like auto-label which require more expensive licenses.
Microsoft has released details of an Exchange Online transport rule to encrypt outbound email containing sensitive data types like credit card numbers. The rule works (after fixing the PowerShell), but needs to be reviewed and possibly adjusted to meet the needs of Office 365 tenants.
Office 365 tenants can use Exchange transport rules to apply autosignatures to outbound email, including messages protected with encryption. You can even include some properties of the sender extracted from Azure Active Directory, and you can add an exception so that the autosignature isn’t applied to replies.
Encrypted email is becoming more common within Office 365. Things usually flow smoothly when sending protected messages to email recipients, but other Office 365 recipient types like Teams and Yammer might not be able to handle protected email.
Making it easy to protect Office 365 content with encryption is great, but it has some downsides too. One of the obvious problems that we have is that encrypted documents in SharePoint and OneDrive for Business libraries can’t be found unless their metadata holds the search phrase.
The Microsoft-Adobe initiative to support Azure Information Protection for PDF files has reached general availability. Things look good and the issues encountered in the preview are removed. You can store protected PDFs inside Office 365, but be prepared to download the files to be able to view them.
The Office 365 Security and Compliance Center includes a report to detail encrypted email. The report is in preview. It’s a nice insight into user activity, even if it has some glitches that need to be sorted out before it becomes generally available.
The latest version of the Azure Information Protection (AIP) client supports the ability to associate S/MIME protection with an AIP label. Although interesting, it’s a feature unlikely to be of much practical use to the majority of Office 365 tenants.
Rights management and encryption are likely to be a much more common Office 365 feature in the future. Sensitivity labels makes protection easy for users to apply through Office apps. The downside is that protection makes content harder to access for some Office 365 and ISV functionality.